This project focuses on researching the Metasploit Framework and developing a custom exploit module targeting a buffer overflow vulnerability. The module provided demonstrates an exploit for MS08-067, specifically tailored for Windows Server 2003 SP2 English (NX enabled).
The project showcases:
- Understanding of Metasploit module structure
- Crafting payloads and ROP chains
- Implementing SMB and DCERPC communication
- Bypassing NX (No-eXecute) protections
- Triggering a real-world stack corruption vulnerability
- Custom Metasploit exploit module written in Ruby
- NX bypass chain using carefully selected ROP gadgets
- SMB authentication & DCERPC interaction
- Tested against Windows Server 2003 SP2 (NX) in a lab environment
- Includes the path canonicalization exploitation logic found in NetAPI32.dll
- `initialize`: Defines metadata, payload options, references, and targets
- `check`: Determines if the remote host is running a vulnerable service
- `exploit`: Performs SMB login, constructs the malicious path, triggers the overflow, and runs the payload
- Metasploit Framework installed
- Windows Server 2003 SP2 English (NX) as the target
- SMB access credentials
- Lab or isolated environment (critical for safety)
Place the exploit module in:
~/.msf4/modules/exploits/windows/smb/
Then run:
msfconsole
use exploit/windows/smb/ms08_067_custom
set RHOST <target_ip>
set SMBUser <username>
set SMBPass <password>
run
- CVE-2008-4250
- Microsoft Security Bulletin MS08-067
- Research documentation from Rapid7
This exploit is intended strictly for educational and research purposes.
Do NOT use it on systems you do not own or without explicit permission.
- NHAT
To provide a practical study of:
- Metasploit internals
- Exploit development methodology
- Real-world vulnerability exploitation
- Modern defense bypassing (NX/DEP)
This project helps students and security researchers gain hands-on experience in low-level exploit development.